PayPal and User payment system - php

I'm playing around with some eCommerce stuff with PayPal Sandbox. So far this is how the application flows:
User logs in, server stores user_id in a session from the database. User can then click a buy now button once logged in. Takes them to PayPal, they log in and do payment, and IPN receives the notification fine :)
The only thing I now want to do to extend it is create a way of the IPN receiving the users_id back so I can set a flag on their database entry. Can this be done in PayPal?
I have tried the following with the view:
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="--ID-FROM-PAYPAL--">
<input type="hidden" name="user_id" value="<?php echo $user_id;?>">
<input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.sandbox.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
Thanks for the help :)

<input type="hidden" name="custom" id="custom" value="<?php echo $user_id;?>"/>
Your IPN will receive the userID in the $_POST['custom'] variable.
If you want to pass more than one value to Paypal and back to your IPN:
<script type="text/javascript">
// using prototype
function checkCustom(){
var custom1 = $F('custom1');
var custom2 = $F('custom2');
$('custom').value = '{"userID":"'+ custom1 +'","publicDonation":"'+ custom2 +'"}';
}
</script>
<input type="hidden" name="custom1" id="custom1" value="<?php echo $user_id;?>"/>
<input type="hidden" name="custom2" id="custom2" value="<?php echo $user_email;?>"/>
For further information check the PayPal IPN documentation:
custom: Custom value as passed by you, the merchant. These are pass-through variables that are never presented to your customer. Length: 255 characters
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_IPNandPDTVariables#id091EAB0105Z

Related

Passing variables rather than hard coded data to paypal buy now button

I am working on a paypal button and I am trying to figure out how to pass variables to paypal to bounce them back to my handler. I currently have the following in my paypal button code.
<input name="custom" type="hidden" value='{"firstName" : "Lucas","lastName" : "Harvmaster","email" : "shrike321#hotmail.com","companyName" : "Matchbox","password" : "123Cupcakes"}'>
This works, but isn't especially dynamic. I am unsure how to pass that data as variables I collect from the user rather than hard coded. I don't think I can just create fillable spots in the form because it needs to be added together and formatted to send as the custom variable spot for PayPal.
Edit: I saw some folks do something like this, but I wasn't quite able to get it working.
<?php
$firstName = "Lucas";
$lastName = "Harvmaster";
$email = "shrike321#hotmail.com";
$companyName = "Matchbox";
$password = "123Cupcakes";
?>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input name="custom" type="hidden" value='{"firstName" : <?php echo $firstName ?>,"lastName" : "Harvmaster","email" : "shrike321#hotmail.com","companyName" : "Matchbox","password" : "123Cupcakes"}'>
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="89924XE27QRNY">
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
<input type="hidden" name="hosted_button_id" value="89924XE27QRNY">
This is a hosted button, it doesn't use dynamic variables stored in the PayPal account (editable via https://www.paypal.com/buttons )
While it's possible to create a non-hosted HTML button with other set variables, there is no reason to do so.
Instead, use a smart button: https://developer.paypal.com/demo/checkout/#/pattern/client
You can personalize one via https://www.paypal.com/buttons/smart
Then edit the purchase_units object to describe what it's selling. Your own data can be set in the custom_id string as documented here: https://developer.paypal.com/docs/api/orders/v2/#definition-purchase_unit_request
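For the `custom` pass-through used in the two threads above (a single user id, or several values packed as JSON), the value sits in a hidden form field and travels through the buyer's browser, so the IPN listener cannot assume it comes back unchanged. The following is an added example, not code from any of the posts: it builds the JSON server-side, escapes it for the HTML attribute, and appends an HMAC that the listener checks. `CUSTOM_SECRET`, `build_custom()` and `parse_custom()` are hypothetical names and the sample values are constructed.

```php
<?php
// Added example. CUSTOM_SECRET and both function names are hypothetical;
// load the real key from server-side configuration, never from the page.
const CUSTOM_SECRET  = 'replace-with-a-long-random-server-side-key';
const CUSTOM_MAX_LEN = 255; // length limit quoted from the IPN variable reference

// Pack the values as JSON on the server and append an HMAC so the IPN
// listener can tell whether the hidden field was edited before submission.
function build_custom(array $values): string
{
    $json   = json_encode($values, JSON_THROW_ON_ERROR);
    $custom = $json . '|' . hash_hmac('sha256', $json, CUSTOM_SECRET);
    if (strlen($custom) > CUSTOM_MAX_LEN) {
        throw new LengthException('custom too long: keep the data server-side and pass only an id');
    }
    return $custom;
}

// Returns the decoded array, or null if the value is malformed or was altered.
function parse_custom(string $custom): ?array
{
    $pos = strrpos($custom, '|');        // the hex MAC never contains '|'
    if ($pos === false) {
        return null;
    }
    $json = substr($custom, 0, $pos);
    $mac  = (string) substr($custom, $pos + 1);
    if (!hash_equals(hash_hmac('sha256', $json, CUSTOM_SECRET), $mac)) {
        return null;                     // constant-time comparison failed
    }
    $data = json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Constructed sample values: identifiers only, no passwords or other secrets.
$custom = build_custom(['userID' => 42, 'orderRef' => 'A-1001']);

// json_encode() produces the quoting; htmlspecialchars() keeps those quotes
// from terminating the value="" attribute.
printf('<input type="hidden" name="custom" value="%s">' . "\n",
       htmlspecialchars($custom, ENT_QUOTES, 'UTF-8'));

// What the IPN listener does with $_POST['custom'] once PayPal has verified
// the message: an untouched value decodes, an edited one is rejected.
var_dump(parse_custom($custom));
var_dump(parse_custom(str_replace('42', '43', $custom)));
```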

PayPal button: How to return a specified value when a payment is successful?

I'm trying to add a PayPal "pay now" type of button, which redirects users to make a payment. But after that's done, how would my database and program know if a payment was successful, and which thing was paid for?
I need PayPal to take a simple id variable, and return it to a specified page only after a payment happens. I think if PayPal can simply hold my "item_id" variable, it would be enough.
On my payments page:
<?php
$item_id = $item["id"];
?>
<td>
<!-- code from PayPal: -->
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="RZ3N8DZLEYN5L">
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_paynow_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
</td>
On the payment_complete page:
<?php
if(isset($item_id)){
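// Bind the id as an integer parameter instead of interpolating it into the SQL string.
$stmt = mysqli_prepare($db, "UPDATE items SET status = 'paid' WHERE id = ?");
mysqli_stmt_bind_param($stmt, "i", $item_id);
$result = mysqli_stmt_execute($stmt);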
redirect_to("paywalled_page.php");
}else{
redirect_to("payments.php");
}
?>
At PayPal, on the button creation page, under "advanced features" it looks like it lets me type a variable to return to a specified URL, but even if I got that to work I don't think a hardcoded "$paid = true" would be enough.
Looks like the "custom" passthrough variable might do it
https://developer.paypal.com/docs/classic/paypal-payments-standard/integration-guide/formbasics/

customizing paypal checkout, including php variable

I'm trying to add a "custom" value to the 3rd party checkout PayPal option. The problem I'm having is the PHP variable is being displayed on the screen. I'm passing the shopping cart values in a session variable.
if(isset($_SESSION['checkout'])){
$orderData = '<table border="1"><th style="width:80px">Item</th>
<th style="width:250px">Size</th>
<th style="width:60px">Quantity</th>';
for ($i=0; $i<count($_SESSION['checkout']); $i++){
$orderData .= '<tr><td style="text-align:center">'.$_SESSION['checkout'][$i][0].'</td><td style="text-align:center">'.$_SESSION['checkout'][$i][1].'</td><td style="text-align:center">'.$_SESSION['checkout'][$i][2].'</td></tr>';
}
}
I want that table to be passed along, and based on the PayPal documentation, all I need to do is include it. I'm echoing out the PayPal form like this:
echo '<form>
//other hidden values
<input type="hidden" name="custom" value="'.$orderData.'">
//input submit button here
</form>
And like I said, the input is supposed to be hidden, but it gets displayed before the PayPal button. How come?
UPDATE: This code passes the amount perfectly:
<input type="hidden" name="amount" value="';?><?php if(isset($_SESSION['disc'])){print_r($_SESSION['disc']);}?><?php echo '">
It doesn't display on the page but the variable amount is correct in the page source.
UPDATE2: Here's my entire cart script:
echo '<div style="position:absolute; left:770px; top:50px">
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="myemail#example.com">
<input type="hidden" name="item_name" value="Merchandise">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="no_shipping" value="0">
<input type="hidden" name="custom" value="'.$orderData.'">
<input type="hidden" name="return" value="backtomywebsite.com">
<input type="hidden" name="cancel_return" value="backtomywebsite.com">
<input type="hidden" name="amount" value="';?><?php if(isset($_SESSION[$disc])){print_r($_SESSION[$disc]);}?><?php echo '">
<input type="image" src="http://www.mywebsite.com/images/BuyNow.png" name="submit" alt="Make payments with PayPal - it\'s fast, free and secure!" width="300" height="204">
</form>
</div>';
The script works when instead of $orderData I have a print_r session with the item information. That information gets sent to my paypal account but it is in an array form and looks ugly. If there was a way to make everything (member information, order information) into a php variable and pass it into the custom field, that would be great. Anyway...here's what is on the screen:
Hope you're still willing to help me out.
What do you mean it gets displayed before the PayPal button? If you are viewing the source code of the page, you will see the value in the page.
If you are saying you are passing amount over, but are not seeing it, you may be using the wrong variable. The variable amount is a valid PayPal variable, but depending on what button you are specifically using, the amount variable is slightly different. I could not tell from your code as I didn't see what you were passing over for "cmd", but if you are using a buy now button or an add to cart button then the variable "amount" would be the correct variable to use. If you are using the cart upload method, then you want to use the variable "amount_x". So if I passed two items over, and the first one was 0.99 and the second was 1.99, I would pass over the variable/value of "amount_1=0.99" and "amount_2=1.99".

I want to seek opinion of experts regarding a form paypal

I have a PHP page with a form named "BuyForm" and a separate submit button,
like this:
<form id="BuyForm" name="BuyForm" method="post" action="purchase.php" enctype="multipart/form-data">
// form goes here
<input type="submit" name="submit" value="Buy Now" class="buyButton">
</form>
Now when I want to add a PayPal button it gave me separate form code like this:
PayPal button code
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="SOMEVALUE">
<input type="image" src="https://www.paypalobjects.com/en_GB/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal — The safer, easier way to pay online.">
<img alt="" border="0" src="https://www.paypalobjects.com/en_GB/i/scr/pixel.gif" width="1" height="1">
</form>
I'm redirecting this form action="purchase.php" to this page only because all validation is in this page only, so what is in my mind is that on checking my form "BuyForm" for any errors and on success I want it to redirect to another page where there is this PayPal form. Am I thinking right?
User has to click twice, once on the submit button, then it redirects to the PayPal form where he'll click again on the purchase button to make his purchase. Or what else can be done?
It's not the right way to do this. You should redirect the user from purchase page instead of letting user click twice. On purchase page, where you are redirecting user to paypal form, write this code and directly redirect user to paypal from there by this :
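$paypal_email = "dummy#gmail.com";
$url = 'https://www.paypal.com/webscr?cmd=_xclick';
$currency = "USD";
$item_name = 'Item name';
$notify_url = "http://example.com/notify.php";
$cancel_url = "http://example.com/cancel.php";
// Start from the base URL; $cost is set earlier by the purchase page's validation.
$paypal_redirect = $url;
$paypal_redirect .= '&amount='.urlencode($cost);
// URL-encode every value; the cancel URL is sent as cancel_return, the name the PayPal forms on this page use.
$paypal_redirect .= '&return='.urlencode('http://example.com/thanks.php').'&paymentaction=authorization&business='.urlencode($paypal_email).'&item_name='.urlencode($item_name).'&no_shipping=1&no_note=1&currency_code='.$currency.'&charset=UTF-8&notify_url='.urlencode($notify_url).'&cancel_return='.urlencode($cancel_url).'&rm=2';
header("Location: ".$paypal_redirect);
exit; // stop the script so nothing else runs after the redirect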
This is the right way to do this.

How to create an PayPal button with overwritable variables

Hello, I would like to create a PayPal buy button which has a dynamically set amount.
I would like to pass the amount by a text input field within the form and the item_number by a hidden field.
The issue is that whatever I do I get an encrypted s-xclick button from the PayPal website.
This button does not allow hidden variables being placed in the form.
I think what I need is an xclick button. My goal is to allow users to increase their internal credit on my website.
EDIT (moving the addition to the question from the answer to the question)(from here #tokam:
To add this to the discussion I would like to show my current solution for the problem:
Here we have some Javascript validation which helps the user with the input. Recognize that it opens a lightbox on success
function validatePaypalForm()
{
var val = $('#paypalPaymentAmount').val().replace(/\s*$/, "").replace(/,/ , ".").replace(/€$/, "");
var errormsg = '';
var ret, amountField;
if( val==='' || isNaN( parseFloat(val) ) || !isFinite(val) )
{
errormsg = 'Bitte geben Sie einen gültigen Betrag an';
}else if( parseFloat( val ) < <?php echo $this->minimum?> )
{
errormsg = 'Das Einzahlungsminimum beträgt <?php echo $this->minimum?>€';
}
ret = ( errormsg === '' );
amountField = $( '#paypalAmountField' );
if( ret )
{
amountField.removeClass( 'error' );
$('#paypalAmountErrorMessage').html( ' ' );
$('#paypalPaymentAmount').val( val );
fb.start(
'<p><strong>Sie werden in kürze zur Seite von Paypal weitergeleitet.</strong></p>',
'width:700 showPrint:false modal:true showClose:false showOuterClose:true showItemNumber:false closeOnNewWindow:false outsideClickCloses:true innerBorder:0 imageClickCloses:false scrolling: no'
);
}else{
amountField.addClass( 'error' );
$('#paypalAmountErrorMessage').html( errormsg );
}
return ret;
}
Here comes my button now. The issues I am having are e.g. that it is easy for the user to set another currency code. I could handle this in my IPN Listener by refunding the payment. Are there other issues which come with an unencrypted changeable button?
<form onsubmit="return validatePaypalForm();" class="stn-form" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<fieldset id="fieldset-p"><legend><span>2.</span>myproject Guthaben aufladen per Paypal Zahlung</legend>
<div id='paypalAmountField' class="field">
<label for='paypalPaymentAmount' >Betrag €:</label>
<input id='paypalPaymentAmount' type="text" name='amount' value='' />
<span style='display:block;' id='paypalAmountErrorMessage' class='errorText'>' </span>
</div>
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="THE_ID_OF_MY_CLIENT">
<input type="hidden" name="lc" value="DE">
<input type="hidden" name="item_name" value="myproject Advertiser Vorkasse">
<input type="hidden" name='item_number' value="11500">
<input type="hidden" name="currency_code" value="EUR">
<input type="hidden" name="button_subtype" value="services">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="bn" value="PP-BuyNowBF:btn_paynowCC_LG.gif:NonHosted">
<input type="hidden" name="rm" value="1">
<input type="hidden" name='cbt' value="Zu myproject.de zurückkehren">
<input type="hidden" name="currency_code" value="EUR">
<input type="hidden" name="return" value="http://myproject.somedomain.net/advertiser/guthaben-aufladen/ret/success" />
<input type="hidden" name="cancel_return" value="http://myproject.somedomain.net/advertiser/guthaben-aufladen/ret/canceled" />
<div class="actionrow">
<input type="image" src="https://www.paypalobjects.com/de_DE/DE/i/btn/btn_paynowCC_LG.gif" border="0" name="submit" alt="Jetzt einfach, schnell und sicher online bezahlen – mit PayPal.">
<img alt="" border="0" src="https://www.paypalobjects.com/de_DE/i/scr/pixel.gif" width="1" height="1">
</div>
</fieldset>
</form>
The reason you can't override the amount dynamically, is because you have a so-called 'PayPal hosted button'.
With a hosted button, the amount is stored on PayPal's side and can't be overwritten with the 'amount' variable.
You'll either want to use a non-hosted button, or use the BMUpdateButton API call to dynamically update the button's amount.
To use a non-hosted button, simply find 'Step 2' in the button creation tool and untick 'Host button with PayPal'.
Option 2:
Still use the hosted button, and use the BMUpdateButton API to update the amount. An example request for BMUpdateButton would look as follows:
USER=Your API username
PWD=Your API password
SIGNATURE=Your API signature
VERSION=82.0
HOSTEDBUTTONID=The value of <input type="hidden" name="hosted_button_id" value="">
BUTTONTYPE=The type of button. E.g. BUYNOW
BUTTONCODE=The type of code you want to get back. E.g. HOSTED
L_BUTTONVAR0=amount=The new amount with a period as separator
L_BUTTONVAR1=item_name=Optional: a new item name if you wish
Similarly, you could also use the BMCreateButton API to create a new button, or use the BMButtonSearch API to search through a list of all your stored hosted buttons (to find the hosted_button_id of your button automatically, for example).
The reason to use a hosted button is because it's more secure. A non-hosted, unencrypted button would basically leave the amounts open to manipulation. Fraudulent transactions waiting to happen.
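The question above proposes handling a changed currency in the IPN listener, and this answer notes that a non-hosted button leaves the posted fields open to manipulation. The following is an added example, not code from the thread, of the checks such a listener would run on a message PayPal has already verified before crediting a top-up. `validate_topup_ipn()`, `$expected` and `$seenTxnIds` are hypothetical names, the receiver address and minimum are constructed values, and the field names are the standard IPN variables.

```php
<?php
// Added example. Decide whether a PayPal-verified IPN message may be credited.
// $ipn is the POSTed field array, used only after the cmd=_notify-validate
// postback to PayPal returned VERIFIED. Returns [bool $ok, string $reason].
function validate_topup_ipn(array $ipn, array $expected, array $seenTxnIds): array
{
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        return [false, 'payment not completed'];
    }
    // The form's "business" field is buyer-editable, so confirm who was paid.
    if (strcasecmp($ipn['receiver_email'] ?? '', $expected['receiver_email']) !== 0) {
        return [false, 'paid to a different account'];
    }
    // currency_code is a plain hidden input; another currency must not be
    // credited as if it were the expected one.
    if (($ipn['mc_currency'] ?? '') !== $expected['currency']) {
        return [false, 'unexpected currency'];
    }
    if (($ipn['item_number'] ?? '') !== $expected['item_number']) {
        return [false, 'unexpected item'];
    }
    // Credit what PayPal reports as paid, never the amount the form submitted.
    $gross = $ipn['mc_gross'] ?? '';
    if (!preg_match('/^\d+\.\d{2}$/', $gross) || (float) $gross < $expected['minimum']) {
        return [false, 'amount missing or below minimum'];
    }
    // IPN messages can be delivered more than once; credit each txn_id once.
    if (in_array($ipn['txn_id'] ?? '', $seenTxnIds, true)) {
        return [false, 'duplicate transaction'];
    }
    return [true, 'ok'];
}

// Expected values live on the server (constructed for this example).
$expected = ['receiver_email' => 'merchant@example.com', 'currency' => 'EUR',
             'item_number' => '11500', 'minimum' => 10.00];

// Constructed IPN messages for illustration.
$genuine = ['payment_status' => 'Completed', 'receiver_email' => 'merchant@example.com',
            'mc_currency' => 'EUR', 'mc_gross' => '25.00', 'item_number' => '11500',
            'txn_id' => 'TXN-CONSTRUCTED-1'];
$changedCurrency = array_merge($genuine, ['mc_currency' => 'HUF',
                                          'txn_id' => 'TXN-CONSTRUCTED-2']);

foreach (['genuine' => $genuine, 'currency changed' => $changedCurrency] as $label => $msg) {
    [$ok, $reason] = validate_topup_ipn($msg, $expected, []);
    printf("%-17s %s (%s)\n", $label, $ok ? 'credit' : 'reject', $reason);
}
// A replay of an already-credited transaction is rejected as a duplicate.
[$ok, $reason] = validate_topup_ipn($genuine, $expected, ['TXN-CONSTRUCTED-1']);
printf("%-17s %s (%s)\n", 'replayed', $ok ? 'credit' : 'reject', $reason);
```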
You shouldn't use xclick, which isn't encrypted. The way I solved this is using the PayPal button API - with some kind of caching in the client so you won't do the whole HTTP request/response every time.
Note that PayPal uses 2 types of API - the NVP, which is sort of RESTful (also not really), and SOAP (I used the NVP method).
You could also generate the encrypted button on your server using openssl - but I ran into unsolvable problems with this method and couldn't get any help for that either here or in PayPal's horrible developer forums.
Edit: the problem with unencrypted buttons is that anyone using Firebug (not talking about more advanced tools) could intercept a payment and change the cost etc.
If you insist on that direction you could follow the simple HTML form from PayPal to create this button. You do it on the PayPal site and create an unencrypted button, and then just edit the HTML and change the needed field to <?php $variable?>. I would strongly advise against this path.
I think this might work for you if you update ... "you#yoursite.com" ... it's non encrypted and still seems to host on paypal's site for clearing
drop the: value="my_default_price"
if you want the user to enter it into a blank text box ... for my page, prices are tied to the price of gold, so I have to dynamically update the variable "amount" and I just leave off value=
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="you#yoursite.com">
<input type="hidden" name="item_name" value="example description">
<input type="hidden" name="item_number" value="">
<input type="text" name="amount" value="my_default_price">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="return" value="http://www.yoursite.com/returnpage.php">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="lc" value="US">
<input type="hidden" name="bn" value="PP-BuyNowBF">
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but02.gif" border="0" name="submit" alt="Make your payments with PayPal. It is free, secure, effective.">
<img alt="" border="0" src="https://www.paypal.com/it_IT/i/scr/pixel.gif" width="1" height="1">
</form>
